[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2026:1524-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":48,"duplicates":49,"related":50,"reserved_at":9,"published_at":68,"modified_at":69,"state":9,"summary":70,"references_raw":72,"kevs":269,"epss":9,"epss_history":270,"metrics":271,"affected":272},"SUSE-SU-2026:1524-1","Security update 5.1.3 for Multi-Linux Manager Client Tools\n\nThis update fixes the following issues:\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Internal changes to fix build issues with no impact for customers\n    \ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n  * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n    + Bumped rollup to version 4.59.0\n  * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n    + Bumped brace-expansion to version 5.0.2\n  * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n  * CVE-2025-13465: Bumped lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n  * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260267)\n    + Bumped google.golang.org/grpc to version 1.79.3\n    \n    \ngrafana:\n\n- Security issues fixed:\n\n  * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)\n  * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)\n  * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)\n  * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)\n  * CVE-2026-26958: Bumped filippo.io/edwards25519 to version 1.1.1 (bsc#1258595)\n  * CVE-2026-21725: Fixed missing UID when deleting datasource by name (bsc#1258873)\n  * CVE-2026-21725: Fixed missing UID when deleting datasource by name (bsc#1258873)\n  * CVE-2026-27876: Fixed remote arbitrary code execution via chained SQL Expressions (bsc#1261025)\n  * CVE-2026-27877: Fixed information disclosure of data-source passwords via public dashboards (bsc#1261026)\n  * CVE-2026-28375: Fixed denial of service via testdata data-source (bsc#1261029)\n  * CVE-2026-27879: Fixed denial of service via resample query (bsc#1261027)\n  * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260263)\n  * CVE-2026-21724: Fixed authorization bypass allows modification of protected webhook URLs (bsc#1260878)\n\n- Version update from 11.5.10 to 11.6.14+security01 with the following highlighted changes and fixes:\n    \n  * Public Dashboards: Wired the public dashboard service to the HTTP server to ensure proper connectivity and availability\n  * Authentication: Refined the redirect logic to ensure consistent behavior during login and logout sequences\n  * Dashboard Reliability: Resolved a bug preventing single panels from rendering correctly when dashboard variables are referenced\n  * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and\n    removed blurred backgrounds from UI overlays to speed up the interface\n  * One-Click Actions: Visualizations now support faster navigation via one-click links and actions\n  * Alerting History: Added version history for alert rules, allowing you to track changes over time\n  * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup\n  * Cron Support: Annotations now support Cron syntax for more flexible scheduling\n  * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues\n    when Grafana is hosted on a subpath\n  * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting\n  * Alerting Limits: Added size limits for expanded notification templates to prevent system strain\n  * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field\n  * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated\n    rows or nested queries\n  * Dashboard Reliability: \n    + Fixed bugs involving row repeats and 'self-referencing' data links\n    + Fixed a bug preventing single panels from rendering correctly when dashboard variables are referenced\n  * Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where\n    contact points weren't working correctly\n  * URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly\n\nprometheus-blackbox_exporter:\n\n- Internal changes to fix build issues with no impact for customers\n\nspacecmd:\n\n- Version 5.1.13-0\n  * Update translation strings\n\nuyuni-tools:\n\n- Version 5.1.26-0\n  * Fixed applying PTF with images from RPMs (bsc#1252548)\n  * Ssl Key file can miss if CA password is blank (bsc#1254154)\n  * mgrpxy ssh tuning should happens before crypto policies (bsc#1254619)\n  * Fixed default value for helm registry (bsc#1258927).\n  * Remove hub register command\n  * Optimize postgres migration disk space usage (bsc#1257447)\n  * Added continuous database backup support (bsc#1250367)\n  * Explicitly start proxy pods after operations\n    (bsc#1258015)\n  * Use static supportconfig name to avoid dynamic search\n    (bsc#1257941)\n  * Do not nest multiple tarball files and instead collect\n    all files into one tarball (bsc#1252964)\n  * Show where final tarball was generated (bsc#1259208)\n  * Set proxy config file permissions (bsc#1257660)\n- Version 5.1.25-0\n  * If PTF image doesn't exists, use the current service image (bsc#1258418)\n\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46],{"_key":15},"CVE-2025-13465",{"_key":17},"CVE-2025-3415",{"_key":19},"CVE-2025-61140",{"_key":21},"CVE-2026-1615",{"_key":23},"CVE-2026-21720",{"_key":25},"CVE-2026-21721",{"_key":27},"CVE-2026-21722",{"_key":29},"CVE-2026-21724",{"_key":31},"CVE-2026-21725",{"_key":33},"CVE-2026-25547",{"_key":35},"CVE-2026-26958",{"_key":37},"CVE-2026-27606",{"_key":39},"CVE-2026-27876",{"_key":41},"CVE-2026-27877",{"_key":43},"CVE-2026-27879",{"_key":45},"CVE-2026-28375",{"_key":47},"CVE-2026-33186",[],[],[51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},"2026-04-21T09:26:09Z","2026-04-22T08:15:49.030922Z",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[73,79,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,205,209,213,217,221,225,229,233,237,241,245,249,253,257,261,265],{"url":74,"sources":75,"tags":77},"https://www.suse.com/support/update/announcement/2026/suse-su-20261524-1/",[76],"osv_suse",[78],"Advisory",{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/1245302",[76],[83],"REPORT",{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/1250367",[76],[83],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1252548",[76],[83],{"url":93,"sources":94,"tags":95},"https://bugzilla.suse.com/1252964",[76],[83],{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1254154",[76],[83],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1254619",[76],[83],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com/1257329",[76],[83],{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1257337",[76],[83],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1257349",[76],[83],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1257442",[76],[83],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1257447",[76],[83],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1257660",[76],[83],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1257841",[76],[83],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1257897",[76],[83],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1257941",[76],[83],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1258015",[76],[83],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1258136",[76],[83],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1258418",[76],[83],{"url":153,"sources":154,"tags":155},"https://bugzilla.suse.com/1258595",[76],[83],{"url":157,"sources":158,"tags":159},"https://bugzilla.suse.com/1258873",[76],[83],{"url":161,"sources":162,"tags":163},"https://bugzilla.suse.com/1258893",[76],[83],{"url":165,"sources":166,"tags":167},"https://bugzilla.suse.com/1258927",[76],[83],{"url":169,"sources":170,"tags":171},"https://bugzilla.suse.com/1259208",[76],[83],{"url":173,"sources":174,"tags":175},"https://bugzilla.suse.com/1260263",[76],[83],{"url":177,"sources":178,"tags":179},"https://bugzilla.suse.com/1260267",[76],[83],{"url":181,"sources":182,"tags":183},"https://bugzilla.suse.com/1260878",[76],[83],{"url":185,"sources":186,"tags":187},"https://bugzilla.suse.com/1261025",[76],[83],{"url":189,"sources":190,"tags":191},"https://bugzilla.suse.com/1261026",[76],[83],{"url":193,"sources":194,"tags":195},"https://bugzilla.suse.com/1261027",[76],[83],{"url":197,"sources":198,"tags":199},"https://bugzilla.suse.com/1261029",[76],[83],{"url":201,"sources":202,"tags":203},"https://www.suse.com/security/cve/CVE-2025-13465",[76],[204],"WEB",{"url":206,"sources":207,"tags":208},"https://www.suse.com/security/cve/CVE-2025-3415",[76],[204],{"url":210,"sources":211,"tags":212},"https://www.suse.com/security/cve/CVE-2025-61140",[76],[204],{"url":214,"sources":215,"tags":216},"https://www.suse.com/security/cve/CVE-2026-1615",[76],[204],{"url":218,"sources":219,"tags":220},"https://www.suse.com/security/cve/CVE-2026-21720",[76],[204],{"url":222,"sources":223,"tags":224},"https://www.suse.com/security/cve/CVE-2026-21721",[76],[204],{"url":226,"sources":227,"tags":228},"https://www.suse.com/security/cve/CVE-2026-21722",[76],[204],{"url":230,"sources":231,"tags":232},"https://www.suse.com/security/cve/CVE-2026-21724",[76],[204],{"url":234,"sources":235,"tags":236},"https://www.suse.com/security/cve/CVE-2026-21725",[76],[204],{"url":238,"sources":239,"tags":240},"https://www.suse.com/security/cve/CVE-2026-25547",[76],[204],{"url":242,"sources":243,"tags":244},"https://www.suse.com/security/cve/CVE-2026-26958",[76],[204],{"url":246,"sources":247,"tags":248},"https://www.suse.com/security/cve/CVE-2026-27606",[76],[204],{"url":250,"sources":251,"tags":252},"https://www.suse.com/security/cve/CVE-2026-27876",[76],[204],{"url":254,"sources":255,"tags":256},"https://www.suse.com/security/cve/CVE-2026-27877",[76],[204],{"url":258,"sources":259,"tags":260},"https://www.suse.com/security/cve/CVE-2026-27879",[76],[204],{"url":262,"sources":263,"tags":264},"https://www.suse.com/security/cve/CVE-2026-28375",[76],[204],{"url":266,"sources":267,"tags":268},"https://www.suse.com/security/cve/CVE-2026-33186",[76],[204],[],[],[],[273,286,293,300,307,311,318,325],{"ecosystem":274,"name":275,"vendor":276,"product":277,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":277,"source":9,"versions":279},"SUSE Linux Enterprise","golang-github-lusitaniae-apache_exporter","suse","golang-github-lusitaniae-apache_exporter&distro=SUSE Multi Linux Manager Tools SLE-15","rpm",[280],{"version":281,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":284,"version_end_type":285,"fixed_in":9},"lt1_0_10_150002_3_6_1",true,"ecosystem","1.0.10-150002.3.6.1","excluding",{"ecosystem":274,"name":287,"vendor":276,"product":288,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":288,"source":9,"versions":289},"golang-github-prometheus-prometheus","golang-github-prometheus-prometheus&distro=SUSE Multi Linux Manager Tools SLE-15",[290],{"version":291,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":292,"version_end_type":285,"fixed_in":9},"lt3_5_0_150002_3_8_1","3.5.0-150002.3.8.1",{"ecosystem":274,"name":294,"vendor":276,"product":295,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":295,"source":9,"versions":296},"grafana","grafana&distro=SUSE Multi Linux Manager Tools SLE-15",[297],{"version":298,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":299,"version_end_type":285,"fixed_in":9},"lt11_6_14+security01_150002_4_14_1","11.6.14+security01-150002.4.14.1",{"ecosystem":274,"name":301,"vendor":276,"product":302,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":302,"source":9,"versions":303},"prometheus-blackbox_exporter","prometheus-blackbox_exporter&distro=SUSE Multi Linux Manager Tools SLE-15",[304],{"version":305,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":306,"version_end_type":285,"fixed_in":9},"lt0_26_0_150002_3_6_1","0.26.0-150002.3.6.1",{"ecosystem":274,"name":301,"vendor":276,"product":308,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":308,"source":9,"versions":309},"prometheus-blackbox_exporter&distro=SUSE Multi Linux Manager Tools SLE-Micro-5",[310],{"version":305,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":306,"version_end_type":285,"fixed_in":9},{"ecosystem":274,"name":312,"vendor":276,"product":313,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":313,"source":9,"versions":314},"spacecmd","spacecmd&distro=SUSE Multi Linux Manager Tools SLE-15",[315],{"version":316,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":317,"version_end_type":285,"fixed_in":9},"lt5_1_13_150002_3_9_3","5.1.13-150002.3.9.3",{"ecosystem":274,"name":319,"vendor":276,"product":320,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":320,"source":9,"versions":321},"uyuni-tools","uyuni-tools&distro=SUSE Multi Linux Manager Tools SLE-15",[322],{"version":323,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":324,"version_end_type":285,"fixed_in":9},"lt5_1_26_150002_3_12_1","5.1.26-150002.3.12.1",{"ecosystem":274,"name":319,"vendor":276,"product":326,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":326,"source":9,"versions":327},"uyuni-tools&distro=SUSE Multi Linux Manager Tools SLE-Micro-5",[328],{"version":323,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":324,"version_end_type":285,"fixed_in":9}]